{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-49081", "assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079", "state": "PUBLISHED", "assignerShortName": "Absolute", "dateReserved": "2025-05-30T18:23:44.238Z", "datePublished": "2025-06-12T17:25:47.812Z", "dateUpdated": "2025-06-12T17:59:46.307Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "Warehouse", "product": "Secure Access", "vendor": "Absolute Security", "versions": [{"lessThan": "13.55", "status": "affected", "version": "0", "versionType": "Server"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>There is an insufficient input validation vulnerability in the warehouse\ncomponent of Absolute Secure Access prior to server version 13.55. Attackers\nwith system administrator permissions can impair the availability of the Secure\nAccess administrative UI by writing invalid data to the warehouse over the\nnetwork. The attack complexity is low, there are no attack requirements,\nprivileges required are high, and there is no user interaction required. There\nis no impact on confidentiality or integrity; the impact on availability is\nhigh.</p>"}], "value": "There is an insufficient input validation vulnerability in the warehouse\ncomponent of Absolute Secure Access prior to server version 13.55. Attackers\nwith system administrator permissions can impair the availability of the Secure\nAccess administrative UI by writing invalid data to the warehouse over the\nnetwork. The attack complexity is low, there are no attack requirements,\nprivileges required are high, and there is no user interaction required. There\nis no impact on confidentiality or integrity; the impact on availability is\nhigh."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 6.9, "baseSeverity": "MEDIUM", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "b6533044-ea05-4482-8458-7bddeca0d079", "shortName": "Absolute", "dateUpdated": "2025-06-12T17:25:47.812Z"}, "references": [{"url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-49081"}], "source": {"discovery": "UNKNOWN"}, "title": "Input validation vulnerability in the Secure Access prior to version 13.55", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-20", "lang": "en", "description": "CWE-20 Improper Input Validation"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-12T17:58:19.597138Z", "id": "CVE-2025-49081", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-12T17:59:46.307Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-49081", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-12T17:58:19.597138Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-12T17:59:17.229Z"}}], "cna": {"title": "Input validation vulnerability in the Secure Access prior to version 13.55", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Absolute Security", "product": "Secure Access", "versions": [{"status": "affected", "version": "0", "lessThan": "13.55", "versionType": "Server"}], "packageName": "Warehouse", "defaultStatus": "unaffected"}], "references": [{"url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-49081"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "There is an insufficient input validation vulnerability in the warehouse\ncomponent of Absolute Secure Access prior to server version 13.55. Attackers\nwith system administrator permissions can impair the availability of the Secure\nAccess administrative UI by writing invalid data to the warehouse over the\nnetwork. The attack complexity is low, there are no attack requirements,\nprivileges required are high, and there is no user interaction required. There\nis no impact on confidentiality or integrity; the impact on availability is\nhigh.", "supportingMedia": [{"type": "text/html", "value": "<p>There is an insufficient input validation vulnerability in the warehouse\ncomponent of Absolute Secure Access prior to server version 13.55. Attackers\nwith system administrator permissions can impair the availability of the Secure\nAccess administrative UI by writing invalid data to the warehouse over the\nnetwork. The attack complexity is low, there are no attack requirements,\nprivileges required are high, and there is no user interaction required. There\nis no impact on confidentiality or integrity; the impact on availability is\nhigh.</p>", "base64": false}]}], "providerMetadata": {"orgId": "b6533044-ea05-4482-8458-7bddeca0d079", "shortName": "Absolute", "dateUpdated": "2025-06-12T17:25:47.812Z"}}}, "cveMetadata": {"cveId": "CVE-2025-49081", "state": "PUBLISHED", "dateUpdated": "2025-06-12T17:59:46.307Z", "dateReserved": "2025-05-30T18:23:44.238Z", "assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079", "datePublished": "2025-06-12T17:25:47.812Z", "assignerShortName": "Absolute"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:*", "matchCriteriaId": "63EA8711-5040-41D3-BA83-0BF6B7C6821E", "versionEndExcluding": "13.55", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "There is an insufficient input validation vulnerability in the warehouse\ncomponent of Absolute Secure Access prior to server version 13.55. Attackers\nwith system administrator permissions can impair the availability of the Secure\nAccess administrative UI by writing invalid data to the warehouse over the\nnetwork. The attack complexity is low, there are no attack requirements,\nprivileges required are high, and there is no user interaction required. There\nis no impact on confidentiality or integrity; the impact on availability is\nhigh."}, {"lang": "es", "value": "Existe una vulnerabilidad de validaci\u00f3n de entrada insuficiente en el componente de almac\u00e9n de Absolute Secure Access anterior a la versi\u00f3n de servidor 13.55. Los atacantes con permisos de administrador del sistema pueden afectar la disponibilidad de la interfaz administrativa de Secure Access escribiendo datos no v\u00e1lidos en el almac\u00e9n a trav\u00e9s de la red. La complejidad del ataque es baja, no requiere ataques, se requieren privilegios elevados y no se requiere interacci\u00f3n del usuario. No afecta a la confidencialidad ni a la integridad; el impacto en la disponibilidad es alto."}], "id": "CVE-2025-49081", "lastModified": "2025-06-17T20:32:38.453", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "SecurityResponse@netmotionsoftware.com", "type": "Secondary"}]}, "published": "2025-06-12T18:15:20.853", "references": [{"source": "SecurityResponse@netmotionsoftware.com", "tags": ["Vendor Advisory"], "url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-49081"}], "sourceIdentifier": "SecurityResponse@netmotionsoftware.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}